#!/bin/bash

set -o errexit
set -o xtrace

test_dir=$(realpath $(dirname $0))
. ${test_dir}/../functions

create_namespace $namespace
deploy_operator

kubectl_bin apply -f $conf_dir/secrets.yml -f $conf_dir/client.yml -f $conf_dir/minio-secret.yml
kubectl_bin apply -f "$test_dir/conf/service-account.yml"
if [[ -n "${OPENSHIFT}" ]]; then
    oc adm policy add-scc-to-user privileged -z percona-server-mongodb-operator-workload
    oc patch role/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]'
fi

cluster="sec-context"

desc 'create first PSMDB cluster'
spinup_psmdb ${cluster}-rs0 $test_dir/conf/${cluster}-rs0.yml
compare_kubectl "statefulset/${cluster}-rs0"

deploy_minio

desc 'change security context'
postfix="-changed"
apply_cluster $test_dir/conf/${cluster}-rs0$postfix.yml
sleep 20
wait_for_running "${cluster}-rs0" "3"
compare_kubectl "statefulset/${cluster}-rs0" $postfix
compare_kubectl "cronjob.batch/${cluster}-backup-each-hour"

if [[ -n "${OPENSHIFT}" ]]; then
    oc adm policy remove-scc-from-user privileged -z percona-server-mongodb-operator-workload
fi
destroy $namespace
